A new vulnerability in the WhatsApp messaging platform enables hackers to remotely compromise targeted devices. The vulnerability is a stack-based buffer overflow issue that can result in denial-of-service or remote code-execution attacks. To read more:https://thehackernews.com/2019/11/whatsapp-hacking-vulnerability.html
Louisiana state government
Targeted ransomware forced the state government of Louisiana offline, impacting websites, email systems and other internal applications. To read more:https://thehackernews.com/2019/11/louisiana-ransomware-attack.html
Phineas Fisher
A hacktivist known as Phineas Fisher published a manifesto announcing a program that pays up to $100,000 for politically motivated hacks. The program targets mining and livestock companies in South America and an Israeli spyware vendor, oil companies and banks. To read more:https://www.vice.com/en_us/article/vb5agy/phineas-fisher-offers-dollar100000-bounty-for-hacks-against-banks-and-oil-companies
Qualcomm chips
Researchers discovered vulnerabilities in Qualcomm chipsets that enabled attackers to steal information from affected phones. Samsung and LG have applied patches while Motorola is working on a fix. To read more:https://thenextweb.com/security/2019/11/15/bugs-in-qualcomm-chips-leaked-private-data-from-samsung-and-lg-phones/
Disney+
Hackers began hijacking Disney+ user accounts as soon as the service was launched. In some cases hackers gained access to accounts by using email and passwords leaked at other sites. To read more: https://www.zdnet.com/article/thousands-of-hacked-disney-accounts-are-already-for-sale-on-hacking-forums/
Android
A new report revealed 146 different Android vulnerabilities that are present on devices right out of the box. The vulnerabilities span a wide range of exploits. To read more: https://www.androidauthority.com/kryptowire-android-vulnerabilities-report-1055020/
Port Neches-Groves ISD, Texas
The FBI is working to restore ownership of the Port Neches-Groves Independent School District’s database to the district after hackers deployed ransomware. To read more: https://www.12newsnow.com/article/news/education/port-neches-groves-isd-computers-attacked-by-ransomware/502-dd9746e2-1ad4-413e-94fc-323dde5555eb
Magic: The Gathering
Wizards of the Coast, the maker of the game Magic: The Gathering, left a database backup-file in a public Amazon S3 bucket. Since the bucket had no password, anyone could access the file. The database stored information on 452,634 players, including email addresses. To read more: https://techcrunch.com/2019/11/16/magic-the-gathering-wizards-data-exposure/
Cayman National Bank
Cayman National Bank confirmed a data breach. The bank was targeted by Phineas Fisher in his manifesto, which is referenced above. To read more: https://www.vice.com/en_us/article/ne8p9b/offshore-bank-targeted-phineas-fisher-confirms-hack-cayman-national-bank
Intel
Intel is removing old drivers and BIOS updates, released between the 1990s and mid-2000s, from its official website. Removing them causes problems for administrators running legacy systems, some of whom apparently had thought that they would always have access to them. To read more: https://www.zdnet.com/article/intel-to-remove-old-drivers-and-bios-updates-from-its-site-by-the-end-of-the-week/
https://upscri.be/9816bc
Veterinary hospitals
National Veterinary Associates is working to recover from a ransomware attack that impacted half of its properties. Many veterinary practices could not access their patient records, payment systems and management software. To read more: https://krebsonsecurity.com/2019/11/ransomware-bites-400-veterinary-hospitals/
Macy’s
Macy’s announced that it had suffered a data breach after the department store’s website was hacked with the purpose of stealing customer payment information. To read more: https://www.bleepingcomputer.com/news/security/macys-customer-payment-info-stolen-in-magecart-data-breach/
National Milk Records
UK-based dairy and livestock group National Milk Records announced that its revenue fell 14% in the third quarter after the company suffered a cyberattack. The attack was initially announced on September 25, 2019.https://www.sharesmagazine.co.uk/news/market/6676278/National-Milk-Records-revenue-hit-by-cyber-attack
Monero
The official website of Monero cryptocurrency was hacked and attackers replaced legitimate Linux and Windows binaries with malicious versions. To read more:https://thehackernews.com/2019/11/hacking-monero-cryptocurrency.html
Gatehub and EpicBot
Researchers found a database with personal information from 2.2m users of Gatehub, a cryptocurrency wallet service, and EpicBot, a gaming bot provider. To read more: https://arstechnica.com/information-technology/2019/11/password-data-dumped-online-for-2-2-million-users-of-currency-and-gaming-sites/
PAYDAY
Researchers are working with Oracle to fix several remaining critical vulnerabilities in Oracle E-Business Suite. The vulnerabilities, dubbed PAYDAY, were first patched in April 2018. To read more: https://www.onapsis.com/blog/oracle-payday-vulnerabilities
PayMyTab
Personal information belonging to PayMyTab customers was exposed due to a public Amazon bucket. To read more: https://www.zdnet.com/article/paymytab-data-leak-exposes-personal-information-belonging-to-mobile-diners/
Gekko Group
Researchers found a database belonging to Gekko Group, one of Europe’s largest hotel-booking companies, exposed on a public server. The database has information on 140,000 clients, both individuals and organizations. To read more: https://www.cnet.com/news/exposed-database-left-terabyte-of-travelers-data-open-to-the-public/
Phoenix keylogger
The new keylogger Phoenix is gaining a following because of its anti-antivirus and anti-virtual-machine module that keeps the malware from being detected while deployed. To read more: https://www.zdnet.com/article/new-phoenix-keylogger-tries-to-stop-over-80-security-products-to-avoid-detection/
Titan M chip
Google set up a bug bounty of up to $1.5m for hackers to compromise the Titan M chip in Pixel devices. To read more: https://thehackernews.com/2019/11/google-pixel-titan-m-chip.html
T-Mobile
T-Mobile announced a data breach impacting prepaid customers’ account information. To read more: https://www.tmonews.com/2019/11/t-mobile-data-breach-prepaid-customers/
WeWork
Developers at WeWork accidentally exposed contracts for customers based in India, China and Europe on GitHub. WeWork removed the repository from the internet after they were informed. To read more: https://www.vice.com/en_us/article/bjwqxz/wework-developers-exposed-contracts-and-customer-data-on-github